[−][src]Module bundled_crypto::token::paseto
An implementation of the PASETO token standard.
Here is an example usage of the v2 local PASETO protocol:
use bundled_crypto::token::paseto; use bundled_crypto::algo::{Algo, SafeGenerateKey}; fn main() { let key = <paseto::v2::local::Algo as Algo>::Key::safe_generate(&()); let tok = paseto::token::Data { msg: "Hello World!", // Any serializable content. footer: Some("Hello World 2!"), // Any serializable content. }; let encrypted = paseto::v2::local::Protocol.encrypt(tok, &key).unwrap(); let tok: paseto::token::Data<String, String> = paseto::v2::local::Protocol::decrypt(encrypted, &key).unwrap(); }
TODO:
- [x] Constant time verification, dependent on library implementations.
- [ ] Ensure string constant time comparison in the cryptographic primitives.
- [x] Ability send and receive, and decrypt/decode the payload into Rust objects.
- [x] Implement v1 local.
- [x] Implement v1 public.
- [x] Implement v2 local.
- [x] Implement v2 public.
- [x] Disallow accidental usage of public keys with local token keys and vice versa.
- [ ] Disallow setting of
iss,sub,aud,exp,nbf,iat, andjtiin the top level. - [ ] Automatic validation of
iss,sub,aud,exp,nbf,iat, andjtifields. - [ ] Built in footer validation + key id support.
Modules
| error | The possible errors while using PASETO's protocols. |
| token | A collection of types used throughout all four standard PASETO protocols. |
| v1 | |
| v2 |
Traits
| KnownClaims | A trait to help with known claims (the |
Functions
| collapse_to_vec | A helper for flattening a slice of slices into a single |
| multi_part_pre_auth_encoding | Implementation of the pre-auth encoding described by PASETO. |